Before we get started, let me say that this software is provided as is and
should only be used on the understanding that I accept no liability with
regard to any damages that might result from its use (or misuse).

Setting up RADIUS before SMTP:

1. Figure out where to put your database file and the Perl scripts, and edit
   the Perl scripts to match your choice. By default it is assumed the
   database is in /var/mail/radius-smtp.db and the scripts are in
   /usr/local/bin.

2. Set up your RADIUS server to execute the Perl scripts for Start and Stop
   accounting packets. First you need a RADIUS server that can execute
   commands in response to accounting events, such as FreeRADIUS. A sample
   radius.conf and acct-user file are provided. You will need at minimum:

   1) The Livingston radius compatible files module loaded in the modules
      section of the radius.conf file like so:

         files {
             usersfile = ${confdir}/users
             acctusersfile = ${confdir}/acct_users
             preproxy_usersfile = ${confdir}/preproxy_users
             compat = no
         }

   2) A preacct section that passes off to the files module.

         preacct {
             files
         }

   3) An acct-user file that calls start and stop with the framed IP address
      of the user for both Start and Stop accounting packets. This adds the
      user's IP to the database on login and removes it on logout, to
      control who is allowed in by the MTA or whatever else you want to
      control access to.

         DEFAULT Acct-Status-Type == Start
                 Exec-Program = "/usr/local/bin/start %{Framed-IP-Address}"

         DEFAULT Acct-Status-Type == Stop
                 Exec-Program = "/usr/local/bin/stop %{Framed-IP-Address}"

3. Finally, you need to set up your own MTA to use the Berkeley database hash
   file to control access to your mail server. I recommend you let the
   database populate for at least a day or more before doing this, so that
   just about everyone who is really logged in will be in the database.
   You just need to set up your dialup pools to be denied access to your
   mail server and accept any IP address that is in the database file.

Since the scripts simply insert (or remove) their arguments in the database
file, you can easily test your ACL by running the start and stop scripts by
hand. Another good command for monitoring the database is the db command
that comes as part of most Berkeley DB distributions. Just type db hash and
the full path to the database file to see its contents. For example,
"db hash /var/mail/radius-smtp.db" will print the contents of the database
file /var/mail/radius-smtp.db.
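
Because the start and stop scripts insert whatever argument they are given,
the value expanded from %{Framed-IP-Address} becomes a key in the database
your MTA trusts. The following is an added example, not the distributed
scripts: a single hypothetical Perl script that accepts only a dotted-quad
IPv4 argument and locks the database while updating it. The lock-file path
and the stored value are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the distributed start/stop scripts: one script that
# handles both actions and rejects anything that is not a dotted-quad IPv4.
use strict;
use warnings;
use Fcntl qw(:flock O_CREAT O_RDWR);
use DB_File;

my $DB_PATH   = '/var/mail/radius-smtp.db';   # default path from step 1
my $LOCK_PATH = "$DB_PATH.lock";              # assumption: lock file beside the db

# Return the address in canonical form, or undef if it is not a valid IPv4.
sub valid_ipv4 {
    my ($arg) = @_;
    return undef unless defined $arg
        && $arg =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @octets;
    return join '.', map { $_ + 0 } @octets;  # strips leading zeros
}

sub update_db {
    my ($action, $ip) = @_;
    # Serialise writers: the RADIUS server may run several Exec-Programs at once.
    open my $lock, '>>', $LOCK_PATH or die "cannot open $LOCK_PATH: $!\n";
    flock $lock, LOCK_EX or die "cannot lock $LOCK_PATH: $!\n";

    tie my %db, 'DB_File', $DB_PATH, O_CREAT | O_RDWR, 0644, $DB_HASH
        or die "cannot open $DB_PATH: $!\n";
    if ($action eq 'start') { $db{$ip} = time }   # value: login time (assumption)
    else                    { delete $db{$ip} }
    untie %db;
    close $lock;                                  # closing releases the lock
}

my ($action, $raw) = @ARGV;
die "usage: $0 start|stop <ip>\n"
    unless defined $action && $action =~ /\A(?:start|stop)\z/;
my $ip = valid_ipv4($raw)
    or die "refusing non-IPv4 argument\n";
update_db($action, $ip);
```

The value your MTA expects for each key depends on the MTA, so adjust the
stored value to match its access map format.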